As we do with most ethical hacking certifications, we are dedicating an entire Forum Board to GPEN. Below is a link to the GPEN page here on EH-Net including my comments at this point in time, some more info from the SANS web site and a quote from Ed Skoudis.

GPEN is a brand new certification that will be linked to Network Penetration Testing and Ethical Hacking, a course developed by Ed Skoudis of Intelguardians. His intention is to "personally do everything I can to make you the best penetration tester." It is still in development and will have a few trial runs before making its major debut at the SANS WhatWorks in Penetration Testing & Ethical Hacking Summit in Las Vegas from May 31 - June 9, 2008. This is not replacing GCIH where you get a larger view of the ethical hacking process and more focus on how to handle this "incident" to keep your enterprise running. Also notice that the title specifically states "Network" Pen Testing and Ethical Hacking and doesn't delve as deeply into web application and wireless security as some of SANS other offerings, but those topics will be covered. Said to contain previously unpublished methods used by Ed and numerous professional pen testers, this class is sure to please anyone neck deep in the technology and process of ethical hacking.

Author Statement

Successful penetration testers don't just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in-depth, and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects. When teaching the class, I particularly enjoy the numerous hands-on exercises culminated with a final pen-testing extravaganza lab.

This looks like it will be a great course. Is this what they've changed the name to from what they were originally calling the 'GCEH'? Any particular reason they strayed away from that? Perhaps to avoid confusion?

BillvThe validitiy of the pass is one year, it takes time to clear off one sans course, I wish if they can extend this to at least two years.

I am interested on this course and how it compares with the heros.net/offensive security courses. would it be uptodate with the latest trends? how much cool is the handson? and how practical is it in real life?

I will wait for vijay2 feedback, hope you enjoy it any way, take a powerful laptop, and stay away from windows vista if you are going to use vmware intensively

if you know anyone with access to the GIAC list that very question was asked. i didnt read the posts because i dont care, SANS material is way better than EC-Council but maybe someone else that has access will summarize for you.

For the benefit for all the readers, here is what Ed Skoudis had to say, quote ..

To help you understand how it differentiates from CEH, I put together this list of bullet points:

This SANS course differs from other penetration testing and ethical hacking courses in several important ways:• We get deep into the tools arsenal, with numerous hands-on exercises that show subtle, less-well-known, and undocumented features that are incredibly useful for professional penetration testers and ethical hackers.• The course discusses how the tools inter-relate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the most bang out of the next tool.• We focus on the workflow of professional penetration testers and ethical hackers, proceeding step-by-step discussing the most effective means for conducting projects.• The sessions address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics for avoiding these problems to maximize the quality of test results.• We cover several timesaving tactics based on years of in-the-trenches experience from real penetration testers and ethical hackers, actions that might take hours or days unless you know the little secrets we'll cover that will let you surmount a problem in minutes.• The course stresses the mind-set of successful penetration testers and ethical hackers, which involves balancing the often contravening forces of creative "outside-the-box" thinking, methodical trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results, and creating a high quality final report that achieves management and technical buy-in.• We also analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.